Thycotic’s Cyber Security Publication

Where Privileged Account Management is Really Failing

March 22nd, 2018

From software vulnerabilities and DDoS to ransomware, the world of cyber security can often feel like you’re being pulled in every direction at once. With limited resources, it’s a challenge to know which threats should be your priority and where investing in security will really make an impact.

So where should you focus your effort? Where is your business most exposed? And where are attackers most likely to strike?

And why the time to take action and implement best practices for privileged account management is right now.

Three ways your PAM could be leaving you exposed

Whether you realise it or not, Privileged Access Management is a critical part of how you manage your IT. From the way you use administrative access to how you ensure least privilege on your end-user accounts, it’s instrumental in the day-to-day running of your business.

But as networks have become more complicated and sprawling, an alarming number of organisations are failing to implement PAM that works.

These issues typically fall into three categories:

1.) Inadequate policies

According to Thycotic, around 40% of businesses do absolutely nothing to discover their privileged accounts, let alone design and distribute access control policies for how they’re used.

At the highest levels, organisations aren’t creating policies to tackle the issue of privileged accounts and define what best practice looks like. If IT teams and users don’t have policies around PAM, how can they be expected to stay secure?

2.) Poorly executed processes

Organisations lack any realistic process for detecting default accounts. The ways in which people handle privileged accounts are inconsistent. At every stage, there’s a lack of process for maintaining good PAM hygiene.

As just one example, 55% of businesses don’t revoke access after an employee leaves – simply because the process doesn’t exist to make that happen.

3.) Insufficient controls

In PAM, your primary goal is ongoing control. It’s not enough to discover privileged accounts and enforce a rule of least privilege. PAM is only effective when audit logs are carefully monitored – but 63% of businesses don’t even know when a failed logon attempt has occurred.

And even when organisations have implemented controls for internal employees, they fail to continue the process and define stronger controls for less secure parties like contractors.

Learn about the life cycle of effective PAM

Right now, those organisations that are focused on PAM are detecting and securing some privileged accounts. But it takes more than that.

A successful approach covers the entire lifecycle of your accounts, from discovery through to ongoing hygiene, close monitoring, and revoking permissions as soon as an account is no longer required.

Whether you want to understand the scale of your risk or start implementing better processes now, this report highlights the practical insights straight from the experts.

Alpha Generation Distribution Ltd

Alpha Generation are a Thycotic certified partner who specialise in value-added distribution for proactive security in the UK Channel. Focused on innovative security for today’s most pressing threats, Alpha Gen take a focused approach that helps vendors bring products to the channel, helping them capitalise on demand.

Guest post from Alpha Generation, a Thycotic certified partner that specializes in IT distribution with a focus on proactive security in the UK.

Jordan True

Jordan is a social media strategist, digital community manager and a lover of all things IT. She currently manages the Social Media Program at Thycotic and loves to connect with technology communities online and at enterprise IT events. Addicted to the outdoors, you can find Jordan on the running trails in her free time or sharing the latest InfoSec buzz on Twitter @ThycoticJordan.